NCA ECC 2.0 — COMPLIANCE

Are You Truly Compliant with
Saudi Arabia's ECC?

The National Cybersecurity Authority's Essential Cybersecurity Controls (ECC-1:2018) are a mandatory baseline for every organization operating in the Kingdom. Most believe they're compliant. Most are wrong.

76%

of Saudi orgs had at least one ECC gap in 2024

4.5M

SAR — average cost of a data breach in the region

ECC controls mapped continuously by SOC Root

What Is ECC and Why It Matters

The Essential Cybersecurity Controls (ECC-1:2018) define the minimum security baseline required by the NCA for all government and critical infrastructure organizations in Saudi Arabia. Non-compliance isn't just a regulatory risk — it's a direct business risk.

A single unaddressed gap in your Governance or Defense domain can result in a breach that costs millions in remediation, reputational damage, and potential regulatory action. SOC Root maps every one of your active controls against the full ECC framework in real time — so you're never caught off guard.

All 5 ECC Domains Covered

🏛️

Cybersecurity Governance

Policy frameworks, risk ownership, roles and accountability — the foundation everything else is built on.

🛡️

Cybersecurity Defense

Endpoint protection, vulnerability management, network segmentation, and continuous external scanning.

🔄

Cybersecurity Resilience

Incident response plans, business continuity, disaster recovery, and backup integrity testing.

🤝

Third-Party Cybersecurity

Vendor risk assessments, contractual cybersecurity requirements, and securing supply chains.

Self-Assessment Checklist

Check each control your organization has implemented. Get an instant compliance score and see where your critical gaps are.

ECC Compliance Score

0 / 16 controls

7 critical gaps

Start checking controls to measure your compliance posture.

Cybersecurity PolicycriticalGovernance

Roles & ResponsibilitieshighGovernance

Risk ManagementcriticalGovernance

Asset InventorycriticalDefense

Vulnerability ManagementcriticalDefense

Network SecurityhighDefense

Email & Web FilteringhighDefense

Endpoint ProtectioncriticalDefense

Privileged Access ManagementhighDefense

EncryptionhighDefense

Incident Response PlancriticalResilience

Business ContinuityhighResilience

Backup & RecoverycriticalResilience

Vendor Risk AssessmenthighThird-Party

Contractual RequirementsmediumThird-Party

Cloud SecurityhighThird-Party

7 critical controls not implemented

SOC Root can close these gaps within 14 days. Schedule a free assessment.

Get Free Gap Analysis

How SOC Root Closes the Gaps

1
Initial Gap Analysis
We map your existing infrastructure against all 23 ECC controls and produce a prioritized gap report within 48 hours.
2
Remediation Roadmap
Critical gaps get immediate action plans. We don't hand you a list and walk away — our engineers guide implementation.
3
Continuous Posture Monitoring
Our SIEM continuously measures your compliance state. Any drift from an implemented control triggers an immediate alert.
4
Audit-Ready Documentation
When the NCA or an auditor comes knocking, your compliance evidence is ready: dashboards, logs, reports, and control attestations.

NO COMMITMENT REQUIRED

Know Your True ECC Posture

Start with a free external vulnerability scan. We'll map the findings to your specific ECC gaps and deliver a prioritized action plan — at no cost.

Start Free Assessment View Governance Plan

Are You Truly Compliant withSaudi Arabia's ECC?